[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: CDPATH and shell scripts

Mike Hommey <mh@glandium.org> writes:

> On Thu, Jul 02, 2009 at 02:26:21PM -0700, Russ Allbery wrote:
>> Jonathan Yu <jonathan.i.yu@gmail.com> writes:
>> > How to fix them? Write Perl scripts, and turn on taint checking --
>> > that fixes the four issues above, because it makes the script exit if
>> > any of them look dangerous. Env::Sanctify::Auto is a Perl module that
>> > automatically cleans up the paths.
>> >
>> > My advice:
>> > 1. Write scripts that might be run as root (or setuid root) using Perl
>> > 2. Turn on taint checking
>> > 3. Consider using Env::Sanctify::Auto (shameless plug)
>> I would really prefer that people not start writing maintainer scripts
>> in Perl as a matter of course.  Perl is harder to analyze for programs
>> like lintian than shell scripts (which are already hard enough).
> I wonder, do dpkg unset these variables when running maintainer scripts?
> That could be a good idea if it doesn't already.
> Mike

It does not, at least not specifically. Nor do nearly all shell
scripts in /usr/bin.

And think of what fun that would be to debug for a debconf using
package. Suddenly debconf gets told some paths and errors out.


Reply to: